Abstract
Wi-Fi has been widely used in our work, home, and many other places, such as hotels and airports. However, the data may be leaked if the access through Wi-Fi is not well-guarded. Wi-Fi hotspots are deployed in an unprecedented speed to facilitate people's lives. The open access nature makes them vulnerable to an evil twin access point (AP), which has the same service set id (SSID) as the legitimate AP and larger signal strength. Current Wi-Fi capable devices are not able to detect the evil twin attack, and will automatically switch to the bogus AP. In this paper, we devise a novel detection scheme based on the commonly used network diagnostic tool traceroute. A remote detection server is set up so that the client-to-server and server-to-client traceroute results are compared. If the evil twin AP is present, it will attempt to conceal the legitimate AP. The inconsistency among the two traceroute results will reveal the evil twin attack. We first present the attack model, then describe the detection scheme in detail. In our implementation, a Nexus 4 smartphone serves as the client, a desktop PC with a USB wireless adapter is set up as the evil twin AP, and the detection service is running on an Amazon EC2 Server. The experimental result demonstrates that our scheme can effectively detect an evil twin attack.
| Original language | English |
|---|---|
| Pages (from-to) | 1-6 |
| Number of pages | 6 |
| Journal | Proceedings - IEEE Global Communications Conference, GLOBECOM |
| Volume | 2018-January |
| DOIs | |
| Publication status | Published - 2017 |
| Event | 2017 IEEE Global Communications Conference, GLOBECOM 2017 - Singapore, Singapore Duration: 4 Dec 2017 → 8 Dec 2017 |
Keywords
- Evil twin attack
- Traceroute
- Wi-Fi security